On Wed, Aug 13, 2014 at 12:35 PM, Valeri Galtsev
<galtsev@xxxxxxxxxxxxxxxxx> wrote:
>> On Wed, 2014-08-13 at 18:32 +0200, Timothy Murphy wrote:
>>> If I had to read a book in order to install and configure postfix I
> would go back to sendmail.
>>
>> No one really wants to revert to Sendmail - do they ?
>>
> Sendmail exists forever. Postfix emerged a bit later, and postfix was
> written with security in mind. In case of sendmail on [huge] binary does
> everything, including listening to external port. There are quite likely
> multible bugs in large code.
That was true when postfix was initially written, but subsequently,
the sendmail has been audited more thoroughly than any other piece of
code you are likely to use (certainly more than openssl, which
everyone used to trust...) and split into submissioin and delivery
processes with milter hooks to let additional processing steps run as
different, non-root users. While anything can have undiscovered
bugs, at this point I don't think it is fair to say that one is any
more secure than the other.
> Usually postfix comes more or less decently configured as a trivial mail
> server (both in case of CentOS rpm, and from postfix vendor if you
> download tarball and build it yourself
But likewise, the rpm-packaged sendmail comes with a configuration
that only needs a few tweaks to the readable sendmail.mc file for most
common uses. And MimeDefang lets you do anything more complex in
perl. I haven't seen anyone here claim to have hooked MimeDefang to
postfix but it should be theoretically possible now that postfix
supports milters.
--
Les Mikesell
lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
